Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/5giKIzoqLUmTk5bpB-Fzzyjho3o.roa
File:                     5giKIzoqLUmTk5bpB-Fzzyjho3o.roa (raw, json)
Hash identifier:          vbowB622CUsW8a9ZGsN5Pb1PGv5O+KJ2eQsC40IVbn0=
Subject key identifier:   E6:08:8A:23:3A:2A:2D:49:93:93:96:E9:07:E1:73:CF:28:E1:A3:7A
Certificate issuer:       /CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
Certificate serial:       018CCA2B797A07810CF5D4AD11CA095837A2
Authority key identifier: 88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/5giKIzoqLUmTk5bpB-Fzzyjho3o.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        193.39.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 07:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:79:7a:07:81:0c:f5:d4:ad:11:ca:09:58:37:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6088a233a2a2d49939396e907e173cf28e1a37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:15:81:8e:bd:50:74:96:72:81:34:e0:4b:e2:
                    1b:39:26:5b:2b:ed:e7:1f:3f:e6:32:04:f7:17:d1:
                    58:f4:05:9c:b6:3f:12:2a:b8:de:bf:d7:34:27:32:
                    cd:c6:75:e0:40:35:05:42:c7:73:46:27:26:05:b1:
                    c4:0a:e1:b5:a4:71:8d:2d:47:85:94:a9:0a:78:ec:
                    14:e5:84:f6:77:02:0b:b3:8d:91:a6:c2:65:90:8d:
                    bf:12:fa:f3:f2:23:b9:67:ea:31:68:27:82:b7:21:
                    ff:90:66:a5:ea:25:df:45:3a:0b:8d:5a:08:f6:db:
                    08:5e:b6:6d:45:88:4b:68:44:0e:1c:6a:f6:c5:68:
                    96:12:fd:36:75:64:9f:e7:42:fb:08:08:1b:2e:a1:
                    57:32:27:53:e7:59:69:b0:8b:83:95:80:37:5f:9b:
                    8c:fb:4d:50:8f:9a:e5:55:f2:41:e6:12:82:32:dc:
                    bd:02:09:9e:4f:bb:d0:2f:93:06:68:4c:d2:8a:19:
                    f1:44:34:06:da:10:c0:b3:c9:f5:f5:95:7e:d0:47:
                    3a:2c:dc:a6:aa:2d:88:32:22:52:a7:a7:d9:d2:76:
                    73:64:72:bd:59:08:d2:5d:49:22:95:7c:c0:2f:46:
                    f9:54:55:00:20:2a:58:de:05:d0:ea:87:ef:f3:0d:
                    80:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:08:8A:23:3A:2A:2D:49:93:93:96:E9:07:E1:73:CF:28:E1:A3:7A
            X509v3 Authority Key Identifier:
                keyid:88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/5giKIzoqLUmTk5bpB-Fzzyjho3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:6c:dc:75:82:b5:27:1f:52:77:d5:d7:03:fe:31:6e:d1:41:
         97:d8:a7:20:5b:5e:dd:15:74:f7:a6:3e:19:22:c1:29:a2:5d:
         8a:72:c7:63:6a:06:64:e4:3b:8f:19:d6:37:ff:2e:a4:45:50:
         04:d9:0c:50:a9:7d:41:5c:ad:ed:51:df:f1:53:69:b2:bb:45:
         95:3d:60:f8:e2:8b:b9:ed:78:91:36:31:19:64:da:a8:59:29:
         16:12:67:32:ca:19:89:78:82:83:e7:0c:07:43:5f:74:f3:f2:
         44:2c:d0:79:be:5a:c1:f3:64:27:e0:d6:b4:7a:14:5e:c0:a3:
         23:3e:2c:68:a4:28:1a:7c:c7:d2:3f:6a:cc:d8:d7:bb:67:9c:
         70:fa:fe:ef:3e:12:de:2f:68:0f:f5:27:55:97:b7:18:7c:04:
         c7:cd:00:75:e5:cb:bf:78:00:d6:c4:fd:9e:5a:be:e9:1a:30:
         fb:93:d2:d2:bc:4e:27:7b:5f:be:0a:a7:e1:59:a5:76:31:03:
         e5:85:14:2f:b4:ee:b8:1a:26:98:54:b5:78:da:f0:aa:21:2b:
         25:98:dd:7c:e7:4b:62:f7:bc:8a:09:7d:c3:31:21:e2:09:f0:
         66:e5:90:fe:53:95:1e:aa:f4:c3:49:6f:2b:7e:65:f9:2f:8d:
         e4:10:65:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3l6B4EM9dStEcoJWDeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MjFhMzlhZWQ5ZGE0ZWUzYWI2NjM5ZDI0NDUwOGZhMWU4
ZDIwZjYwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA4OGEyMzNhMmEyZDQ5OTM5Mzk2ZTkwN2UxNzNjZjI4ZTFhMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBWBjr1QdJZygTTgS+IbOSZbK+3n
Hz/mMgT3F9FY9AWctj8SKrjev9c0JzLNxnXgQDUFQsdzRicmBbHECuG1pHGNLUeF
lKkKeOwU5YT2dwILs42RpsJlkI2/Evrz8iO5Z+oxaCeCtyH/kGal6iXfRToLjVoI
9tsIXrZtRYhLaEQOHGr2xWiWEv02dWSf50L7CAgbLqFXMidT51lpsIuDlYA3X5uM
+01Qj5rlVfJB5hKCMty9AgmeT7vQL5MGaEzSihnxRDQG2hDAs8n19ZV+0Ec6LNym
qi2IMiJSp6fZ0nZzZHK9WQjSXUkilXzAL0b5VFUAICpY3gXQ6ofv8w2ApwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYIiiM6Ki1Jk5OW6Qfhc88o4aN6MB8GA1UdIwQY
MBaAFIgho5rtnaTuOrZjnSRFCPoejSD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAt
ZjYwZDZmNzE4MmExLzEvNWdpS0l6b3FMVW1UazVicEItRnp6eWpobzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAtZjYwZDZmNzE4MmEx
LzEvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSe8MA0G
CSqGSIb3DQEBCwUAA4IBAQAYbNx1grUnH1J31dcD/jFu0UGX2KcgW17dFXT3pj4Z
IsEpol2KcsdjagZk5DuPGdY3/y6kRVAE2QxQqX1BXK3tUd/xU2myu0WVPWD44ou5
7XiRNjEZZNqoWSkWEmcyyhmJeIKD5wwHQ1908/JELNB5vlrB82Qn4Na0ehRewKMj
PixopCgafMfSP2rM2Ne7Z5xw+v7vPhLeL2gP9SdVl7cYfATHzQB15cu/eADWxP2e
Wr7pGjD7k9LSvE4ne1++CqfhWaV2MQPlhRQvtO64GiaYVLV42vCqISslmN1850ti
97yKCX3DMSHiCfBm5ZD+U5UeqvTDSW8rfmX5L43kEGW0
-----END CERTIFICATE-----